Information security


Reproducing protectively-marked information

Use the right methods to protect official information with protective markings when you reproduce it.

These requirements apply to all official information (with or without security classifications)

Follow these requirements to ensure your agency complies with the Protective Security Requirements for information security.

Reproducing documents

To help control protectively-marked information, keep the number of copies to a minimum. Only reproduce protectively-marked information when necessary.

If you have spare or spoilt copies that you’re not required to keep under the Public Records Act 2005, you must destroy them immediately. Go to Destroying ICT media and documents for more information.

Getting permission to make copies

To make copies of protectively-marked information with a copy number, you must get permission from the originator or originating agency (the person or agency that created the information). However, it’s better to ask the originator to supply any additional copies that you or your agency need. 

If the originator gives permission to make copies, let them know how many copies you intend to distribute. The originator will then tell you which copy numbers you need to mark on your copies.

Your agency may wish to follow a similar process for other official and protectively-marked information.

Note: The process for getting permission to make copies is mandatory if your agency operates a classified registry.

Managing ‘Accountable material’

Once disseminated, ACCOUNTABLE MATERIAL must not be copied or reproduced in any form.

If your agency needs more copies, you must request them from the originator.

You also need the originator’s permission to extract information from ACCOUNTABLE MATERIAL. 

All TOP SECRET information must be made ACCOUNTABLE MATERIAL by default.

Tracking ‘Accountable material’

ACCOUNTABLE MATERIAL must have a copy number on the front cover, so your agency can keep accurate records and control distribution.

When a protectively-marked document is made 'accountable', the person with responsibility for that document must check and certify its safe custody at stated intervals, normally every six months.

Using photocopiers, fax machines, and similar devices

Devices used to copy and transmit protectively-marked documents come with risks which you must understand and manage.

Photocopiers, fax machines and similar devices, known as multi-function devices (MFDs) may:

  • retain images of copied documents that can then be transmitted
  • be connected to ICT systems that don’t have the necessary level of protection.

Consult the Government Communication Security Bureau (GCSB) for advice on sanitising devices.

Devices you can’t use for copying and transmitting

If a device is connected to your ICT system and a document has a higher protective marking than your ICT system, you can’t use the device to copy or transmit that document.

You also can’t copy or transmit a protected document using a device connected to a public network, or a fax machine (unless that information is protected in line with the New Zealand Information Security Manual (NZISM) - 11 Communications systems and devices).

Reducing risks when you copy and transmit protected information

Take the following steps to reduce risks.

  • Put approved devices in an area where you can observe all copying and transmitting activity. 
  • Make sure a designated person stays near the device until all activity is finished.
  • Make sure documents are removed from the device as soon as activity is over. 

Page last modified: 5/08/2019